Dell Buying EMC: The Impact on RSA

Dell's announcement that it plans to purchase storage maker EMC for a mind-boggling $67 billion, the highest price for a pure-tech acquisition, does not make clear the fate of EMC's information security unit, RSA.

Dell is borrowing heavily to buy EMC, which means it's possible the company will sell or spin off some units to help defray acquisition costs. Several analysts say Dell likely has not yet decided whether RSA fits into its long-term plans or should be sold or spun off.

Dell and EMC did not respond to ISMG's request to comment on plans for RSA.

"Cybersecurity is a hot investing area. So there may be some rationale to try to take advantage of that, and get a good [price], and use that to raise additional funds to help pay down the cost of the bigger of the larger EMC-Dell merger," says Merritt Maxim, a senior security and risk analyst at IT adviser Forrester.

Next Generation of IT

Dell CEO Michael Dell made a passing reference to information security in announcing the acquisition on Oct. 12. "Our new company will be exceptionally well-positioned for growth in the most strategic areas of next generation IT, including digital transformation, software-defined data center, converged infrastructure, hybrid cloud, mobile and security," Dell said.

What's driving Dell, principally known as a maker of personal computers, to acquire EMC is the rapid demand for cloud computing, with its massive need for server hardware and software.

A rapidly growing number of enterprises seek managed security services as they find themselves challenged to implement sophisticated technologies on their own, such as those offered by RSA, says Eddie Schwartz, president of digital security provider White Ops, who served as RSA's first CISO from 2011 to 2013. Dell could employ RSA's know-how and products to meet the demand from enterprises for managed security services, he says. "It's a perfect relationship bring those two together," Schwartz says. "It's a shot in the arm both parties needed."

RSA is perhaps best known for its SecurID multifactor authentication token, which in 2011 was compromised by a sophisticated attack that eventually cost EMC $66 million, mostly to replace the devices. The company also is known for its security conferences that attract tens of thousands of attendees.

Security: Small Piece of the Pie

A small but high-profile part of EMC's empire, RSA would be even a smaller part of Dell should the deal be completed. In 2014, RSA generated revenue of $1.035 billion, or 4.2 percent of EMC consolidated revenue of $24.4 billion. Dell is a private company and does not publicly report its financial results. However, when it last posted results as a public company for the first half of 2013, revenue from its infrastructure, cloud and security services totaled $1.2 billion, or 4.2 percent of Dell's consolidated net revenue of nearly $28.6 billion.

It remains unclear whether RSA will be incorporated into Dell. Word has been circulating since last spring that Dell is considering spinning off SecureWorks, its managed security services business acquired in 2011. The Wall Street Journal, quoting individuals familiar with the deal, last week reported that Dell filed confidentially an IPO for Dell SecureWorks.

But if Dell decides to keep RSA, SecureWorks and its other security businesses, it will need to build a cohesive new security business strategy.

"The obvious move is to leverage RSA products and services, Dell Security products and SecureWorks security services as a cohesive whole, but right now, they're all separate," says Andrian Sanabria, senior analysts at the IT research firm 451 Research. "We'll have to wait and see what they do."

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;